Skip to main content

Kubevirt CVE-2024-33394

MEDIUM
Code Injection (CWE-94)
2024-05-02 cve@mitre.org
5.9
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.9 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
May 02, 2024 - 18:15 cve.org
MEDIUM 5.9

DescriptionCVE.org

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

AnalysisAI

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. Affected products include: Kubevirt.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2022-1798 MEDIUM POC
6.5 Sep 15

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to confi

CVE-2020-14316 CRITICAL
9.9 Jul 29

A flaw was found in kubevirt 0.29 and earlier. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploi

CVE-2023-26484 HIGH
8.2 Mar 15

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.2), this vulnerability is re

CVE-2026-13201 HIGH
7.3 Jun 24

Local privilege boundary bypass in KubeVirt's safepath package lets an attacker who controls a virt-launcher pod trick t

CVE-2026-13208 MEDIUM
6.5 Jun 24

KubeVirt's virt-handler domain notify server allows a compromised virt-launcher process to forge lifecycle events for an

CVE-2026-13318 MEDIUM
6.4 Jun 26

Server-side request forgery in KubeVirt's virt-api port-forward handler allows authenticated Kubernetes users with kubev

CVE-2026-13218 MEDIUM
4.2 Jun 26

Symlink-following in KubeVirt's virt-handler permits a container-level attacker to overwrite arbitrary host files and ch

CVE-2025-64324 HIGH POC
8.5 Nov 18

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is no

CVE-2025-64437 MEDIUM POC
5.0 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 5.0). Public exploit code av

CVE-2025-64436 MEDIUM POC
6.9 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is

CVE-2025-64435 MEDIUM POC
5.3 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is

CVE-2025-64434 MEDIUM POC
4.7 Nov 07

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 4.7). Public exploit code av

Share

CVE-2024-33394 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy